

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.core.model.authorization;
15
16 import java.util.ArrayList JavaDoc;
17 import java.util.Collection JavaDoc;
18 import java.util.Iterator JavaDoc;
19
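/**
 * Helper for displaying and configuring basic access rules: it expands a "basic"
 * selection (one role plus the chosen CAs, end-entity rules, end-entity profiles
 * and other rules) into the equivalent list of advanced {@link AccessRule} objects.
 *
 * <p>Every rule built here uses {@code AccessRule.RULE_ACCEPT}; this class never
 * produces any other rule state. Selection codes that match none of the constants
 * tested below are skipped without an error.
 *
 * <p>The class is {@code Serializable} and declares no {@code serialVersionUID},
 * so the field name, field modifiers and non-private member signatures are kept
 * as they were to leave the compiler-derived serial version unchanged.
 *
 * @author herrvendil
 * @version $Id: BasicAccessRuleSetDecoder.java,v 1.3 2006/08/09 07:29:49 herrvendil Exp $
 */
public class BasicAccessRuleSetDecoder implements java.io.Serializable {

    /** The advanced rules built by the constructor, in the order they were added. */
    private ArrayList currentruleset = new ArrayList();

    /**
     * Decodes a basic rule selection into advanced access rules.
     *
     * <p>{@code ROLE_NONE} yields an empty rule set and {@code ROLE_SUPERADMINISTRATOR}
     * yields the single super-administrator rule; in both cases the collections are
     * not read. For every other role value the CA rules and the "other" rules are
     * added first, followed by the role-specific rules.
     *
     * <p>NOTE(review): a role value that matches none of the constants tested here
     * still receives the CA, "other" and end-entity rules (only the role-specific
     * rules are left out). Confirm that callers pass only known role constants.
     *
     * @param currentrole one of the {@code BasicAccessRuleSet.ROLE_*} constants
     * @param currentcas Collection of Integer; {@code BasicAccessRuleSet.CA_ALL} selects the CA base rule
     * @param currentendentityrules Collection of Integer holding {@code BasicAccessRuleSet.ENDENTITY_*} codes
     * @param currentendentityprofiles Collection of Integer;
     *        {@code BasicAccessRuleSet.ENDENTITYPROFILE_ALL} selects the profile base rule
     * @param currentotherrules Collection of Integer holding {@code BasicAccessRuleSet.OTHER_*} codes
     * @throws NullPointerException if a collection that is read for the given role is null
     * @throws ClassCastException if a collection that is read holds something other than Integer
     */
    public BasicAccessRuleSetDecoder(int currentrole, Collection currentcas, Collection currentendentityrules, Collection currentendentityprofiles, Collection currentotherrules){
        if(currentrole == BasicAccessRuleSet.ROLE_NONE){
            return;
        }
        if(currentrole == BasicAccessRuleSet.ROLE_SUPERADMINISTRATOR){
            currentruleset.add(new AccessRule(AvailableAccessRules.ROLE_SUPERADMINISTRATOR, AccessRule.RULE_ACCEPT, false));
            return;
        }

        addCARules(currentcas);
        addOtherRules(currentotherrules);

        if(currentrole == BasicAccessRuleSet.ROLE_CAADMINISTRATOR){
            addCAAdministratorRules();
            return;
        }

        // The end-entity selections are only read for roles other than CA administrator.
        addEndEntityRules(currentendentityprofiles, currentendentityrules);
        if(currentrole == BasicAccessRuleSet.ROLE_RAADMINISTRATOR){
            currentruleset.add(new AccessRule(AvailableAccessRules.ROLE_ADMINISTRATOR, AccessRule.RULE_ACCEPT, false));
            currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_CREATECERTIFICATE, AccessRule.RULE_ACCEPT, false));
            currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_STORECERTIFICATE, AccessRule.RULE_ACCEPT, false));
            currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_VIEWCERTIFICATE, AccessRule.RULE_ACCEPT, false));
        }
        if(currentrole == BasicAccessRuleSet.ROLE_SUPERVISOR){
            currentruleset.add(new AccessRule(AvailableAccessRules.ROLE_ADMINISTRATOR, AccessRule.RULE_ACCEPT, false));
            currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_VIEWLOG, AccessRule.RULE_ACCEPT, true));
            currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_VIEWCERTIFICATE, AccessRule.RULE_ACCEPT, false));
        }
    }

    /**
     * Returns the current advanced rule set.
     *
     * <p>The returned collection is the decoder's own list, not a copy, so changes
     * made by the caller are visible through this object as well.
     *
     * @return a Collection of AccessRule
     */
    public Collection getCurrentAdvancedRuleSet(){
        return currentruleset;
    }

    /**
     * Adds the fixed rules of the CA administrator role. The third constructor
     * argument differs per rule and is kept exactly as before (presumably the
     * recursive flag; confirm against AccessRule).
     */
    private void addCAAdministratorRules(){
        currentruleset.add(new AccessRule(AvailableAccessRules.ROLE_ADMINISTRATOR, AccessRule.RULE_ACCEPT, false));

        currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_CAFUNCTIONALTY, AccessRule.RULE_ACCEPT, true));
        currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_LOGFUNCTIONALITY, AccessRule.RULE_ACCEPT, true));
        currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_RAFUNCTIONALITY, AccessRule.RULE_ACCEPT, true));
        currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_SYSTEMFUNCTIONALITY, AccessRule.RULE_ACCEPT, true));
        currentruleset.add(new AccessRule(AvailableAccessRules.ENDENTITYPROFILEBASE, AccessRule.RULE_ACCEPT, true));

        currentruleset.add(new AccessRule(AvailableAccessRules.HARDTOKEN_EDITHARDTOKENISSUERS, AccessRule.RULE_ACCEPT, false));
        currentruleset.add(new AccessRule(AvailableAccessRules.HARDTOKEN_EDITHARDTOKENPROFILES, AccessRule.RULE_ACCEPT, false));
    }

    /**
     * Adds one accept rule per selected CA, or a single accept rule on
     * {@code AvailableAccessRules.CABASE} as soon as {@code CA_ALL} is encountered.
     *
     * @param currentcas Collection of Integer
     */
    private void addCARules(Collection currentcas){
        ArrayList carules = new ArrayList();
        boolean allcafound = false;

        for(Iterator iter = currentcas.iterator(); iter.hasNext();){
            Integer next = (Integer) iter.next();
            // Primitive comparison, matching how ENDENTITYPROFILE_ALL is tested below.
            if(next.intValue() == BasicAccessRuleSet.CA_ALL){
                allcafound = true;
                break;
            }
            carules.add(new AccessRule(AvailableAccessRules.CAPREFIX + next.toString(), AccessRule.RULE_ACCEPT, false));
        }

        if(allcafound){
            // "All CAs" replaces the per-CA rules collected so far with the one base rule.
            carules.clear();
            carules.add(new AccessRule(AvailableAccessRules.CABASE, AccessRule.RULE_ACCEPT, true));
        }

        this.currentruleset.addAll(carules);
    }

    /**
     * Adds the rules for the selected "other" options; codes other than
     * {@code OTHER_VIEWLOG} and {@code OTHER_ISSUEHARDTOKENS} are skipped.
     *
     * @param currentotherrules Collection of Integer
     */
    private void addOtherRules(Collection currentotherrules){
        for(Iterator iter = currentotherrules.iterator(); iter.hasNext();){
            int next = ((Integer) iter.next()).intValue();

            if(next == BasicAccessRuleSet.OTHER_VIEWLOG){
                currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_VIEWLOG, AccessRule.RULE_ACCEPT, true));
            }else if(next == BasicAccessRuleSet.OTHER_ISSUEHARDTOKENS){
                currentruleset.add(new AccessRule(AvailableAccessRules.HARDTOKEN_ISSUEHARDTOKENS, AccessRule.RULE_ACCEPT, false));
            }
        }
    }

    /**
     * Adds the regular rule for every selected end-entity code and collects the
     * matching rights suffix, then hands the collected suffixes to
     * {@link #addEndEntityProfiles(Collection, Collection)}.
     *
     * @param currentendentityprofiles Collection of Integer
     * @param currentendentityrules Collection of Integer holding {@code ENDENTITY_*} codes
     */
    private void addEndEntityRules(Collection currentendentityprofiles, Collection currentendentityrules){
        ArrayList endentityrules = new ArrayList();

        for(Iterator iter = currentendentityrules.iterator(); iter.hasNext();){
            int next = ((Integer) iter.next()).intValue();

            // One branch per code; ENDENTITY_APPROVE is now part of the same chain
            // (assumes the ENDENTITY_* codes are distinct, as the chain already implied).
            if(next == BasicAccessRuleSet.ENDENTITY_VIEW){
                currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_VIEWENDENTITY, AccessRule.RULE_ACCEPT, false));
                endentityrules.add(AvailableAccessRules.VIEW_RIGHTS);
            }else if(next == BasicAccessRuleSet.ENDENTITY_VIEWHISTORY){
                currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_VIEWENDENTITYHISTORY, AccessRule.RULE_ACCEPT, false));
                endentityrules.add(AvailableAccessRules.HISTORY_RIGHTS);
            }else if(next == BasicAccessRuleSet.ENDENTITY_VIEWHARDTOKENS){
                currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_VIEWHARDTOKENS, AccessRule.RULE_ACCEPT, false));
                endentityrules.add(AvailableAccessRules.HARDTOKEN_RIGHTS);
            }else if(next == BasicAccessRuleSet.ENDENTITY_CREATE){
                currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_CREATEENDENTITY, AccessRule.RULE_ACCEPT, false));
                endentityrules.add(AvailableAccessRules.CREATE_RIGHTS);
            }else if(next == BasicAccessRuleSet.ENDENTITY_DELETE){
                currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_DELETEENDENTITY, AccessRule.RULE_ACCEPT, false));
                endentityrules.add(AvailableAccessRules.DELETE_RIGHTS);
            }else if(next == BasicAccessRuleSet.ENDENTITY_EDIT){
                currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_EDITENDENTITY, AccessRule.RULE_ACCEPT, false));
                endentityrules.add(AvailableAccessRules.EDIT_RIGHTS);
            }else if(next == BasicAccessRuleSet.ENDENTITY_REVOKE){
                currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_REVOKEENDENTITY, AccessRule.RULE_ACCEPT, false));
                endentityrules.add(AvailableAccessRules.REVOKE_RIGHTS);
            }else if(next == BasicAccessRuleSet.ENDENTITY_KEYRECOVER){
                currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_KEYRECOVERY, AccessRule.RULE_ACCEPT, false));
                endentityrules.add(AvailableAccessRules.KEYRECOVERY_RIGHTS);
            }else if(next == BasicAccessRuleSet.ENDENTITY_APPROVE){
                currentruleset.add(new AccessRule(AvailableAccessRules.REGULAR_APPROVEENDENTITY, AccessRule.RULE_ACCEPT, false));
                endentityrules.add(AvailableAccessRules.APPROVAL_RIGHTS);
            }
        }

        addEndEntityProfiles(currentendentityprofiles, endentityrules);
    }

    /**
     * Adds one accept rule per (profile, rights suffix) pair, named
     * {@code ENDENTITYPROFILEPREFIX + profile + suffix}.
     *
     * <p>If {@code ENDENTITYPROFILE_ALL} is encountered, the per-profile rules are
     * dropped and a single accept rule on {@code ENDENTITYPROFILEBASE} is added
     * instead. That rule does not depend on which rights suffixes were collected.
     *
     * @param currentendentityprofiles Collection of Integer
     * @param endentityrules Collection of String rights suffixes
     */
    private void addEndEntityProfiles(Collection currentendentityprofiles, Collection endentityrules){
        ArrayList profilerules = new ArrayList();
        boolean allexists = false;

        for(Iterator iter = currentendentityprofiles.iterator(); iter.hasNext();){
            Integer next = (Integer) iter.next();
            if(next.intValue() == BasicAccessRuleSet.ENDENTITYPROFILE_ALL){
                allexists = true;
                break;
            }
            String profilerule = AvailableAccessRules.ENDENTITYPROFILEPREFIX + next.toString();
            for(Iterator iter2 = endentityrules.iterator(); iter2.hasNext();){
                String nextrule = (String) iter2.next();
                profilerules.add(new AccessRule(profilerule + nextrule, AccessRule.RULE_ACCEPT, false));
            }
        }

        if(allexists){
            profilerules.clear();
            profilerules.add(new AccessRule(AvailableAccessRules.ENDENTITYPROFILEBASE, AccessRule.RULE_ACCEPT, true));
        }
        currentruleset.addAll(profilerules);
    }

}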